Re: zfs encryption + boot + world + dog

Author: Matthew Crews via PLUG-discuss
Date:  
To: plug-discuss
CC: Matthew Crews
Subject: Re: zfs encryption + boot + world + dog
On 6/23/21 5:18 PM, Michael Butash via PLUG-discuss wrote:
> Saw this today, talking about encryption under zfs under linux.  Anyone
> using it here that can comment on experience using it yet for personal
> or at scale?
>
> https://arstechnica.com/gadgets/2021/06/a-quick-start-guide-to-openzfs-native-encryption/
>
> I use a combination of mdraid+luks+lvm+ext4/jfs, and would really love
> for this to be one thing, ala ZFS or BTRFS.  Yes I could google my arse
> off to look, but looking for some trusted opinion here.


I've used ZFS and BTRFS under Linux, though I haven't tried native ZFS
encryption yet. I have used both ZFS and BTRFS under LUKS encryption too.

Both BTRFS and ZFS work so much nicer than mdraid when it comes to
spanning across multiple disks (though beware that BTRFS still isn't
production safe for RAID5/RAID6).

If you want to use a multi-disk storage array, ZFS and BTRFS are both
superior options to MDRAID.

However ZFS is just straight better and easier to maintain than BTRFS,
especially now that native encryption is a thing (something BTRFS sorely
lacks).



Here is my disk topology for my 4 disk RAID10 setup under BTRFS.

Disk 1 - LUKS - Btrfs --\                   /--Btrfs subvolume
                        |                   |
Disk 2 - LUKS - Btrfs --|                   |--Btrfs subvolume
                        |--- Btrfs volume --|
Disk 3 - LUKS - Btrfs --|                   |--Btrfs subvolume
                        |                   |
Disk 4 - LUKS - Btrfs --/                   \--Btrfs subvolume


To be honest, it is a pain in the arse to mount an encrypted BTRFS
volume this way. You need to unencrypt all four drives first, and then
you need to mount it. But at least once it's mounted, the subvolumes are
already set up.

If I need to replace a drive (and I've had to replace drives) it is also
a pain in the arse due to having to deal with both LUKS and BTRFS.

Encrypted ZFS would simplify this setup enormously.

When I need to replace my drives, I will be switching from BTRFS to ZFS.


-Matt